Privacy Policy
Effective: January 1, 2026
01Who this applies to
This Privacy Policy describes how CliniLoom handles information for visitors of our website and authorized users of the CliniLoom application. Patient health information processed on behalf of a clinic is governed by the Business Associate Agreement signed with that clinic, not by this policy.
02Information we collect
- Account information you provide (name, work email, clinic name, role).
- Authentication and session events for security and audit.
- Product usage events that do not contain patient information.
- Support correspondence and content you submit through forms.
03How we use information
- Operate, secure, and improve the CliniLoom service.
- Provide customer support and respond to requests.
- Send service-related communications (not marketing by default).
04Patient health information (PHI)
When a clinic uses CliniLoom to process PHI, the clinic is the covered entity and CliniLoom is its business associate. Our handling of PHI is governed by the BAA, which restricts use of PHI to providing the service. We do not sell PHI and do not use PHI to train shared models.
05Sharing
We share information only with the subprocessors listed on our Data Processing page, with each operating under contractual privacy and security obligations. We do not sell personal information.
06Retention
We retain account and audit data for as long as needed to provide the service and meet legal and security obligations. Clinics control retention of customer data through CliniLoom settings.
07Your choices
You can update or delete your account information, request access, or contact us at legal@cliniloom.com for privacy requests.
08Contact
Questions about this policy? Email legal@cliniloom.com.